Bogus digital signatures, Re: OT: utility account transfer frauds

David Swarbrick swarb at freeuk.com
Tue, 15 Oct 2002 06:54:21 +0100


Doesn't this demonstrate yet again that we have the fundamentals wrong 
about digital signatures?

A signature is the manifestation of a mind agreeing to be bound in law 
to the contents of a document.

A deed is an act.

When we move to electronic documents we move away from the concept of 
there being 'one' document which is signed. We have to move to saying 
'is this evidence that this person assented to, or agreed to these 
contents?' There is no reason why there should not be (as there will be 
anyway) two dozen perfect copies of it, and it is no longer necessary 
to worry whether any counts as 'the original'.


Second, our definitions of digital signatures (how we ended up with two 
heaven knows) in ECA and RIP are deficient. They talk of 
'authentication', but that is not the job of a signature. When I sign a 
cheque, I do not authenticate it. I make a promise. The act of 
signature is a physical manifestation of me making a legal commitment. 
What is left afterwards is evidence that I made that commitment, a 
trace of that assenting to an agreement. It does authenticate the 
cheque, identify its origin and provenance as well, but that is not its 
main purpose.

Nich Bohm, (again) seems to have said this clearest and first some 
years ago.


> and Casper Dik added:
> > You must make sure you generate the document you sign; the other
> > party can then agree to the document but should never be able to
> > determine the hash beforehand.
> 
> Yup as well, although this is going to make contract signing fun.
> 

Does anyone yet have a workable protocol for signing documents?

-- 
David Swarbrick  david@swarb.freeuk.com
david.swarbrick@lawindexpro.co.uk
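
Casper Dik's quoted point, that the other party should never be able to determine the hash beforehand, shown as an added example that is not part of the original message or thread. It assumes one way of meeting that requirement (the signer mixes in a fresh random value before hashing); `toy_hash`, `colliding_drafts` and `signer_digest` are hypothetical names, and the hash is deliberately truncated to 32 bits so the effect is visible in a demo.

```python
import hashlib
import itertools
import secrets

def toy_hash(data: bytes) -> bytes:
    # Constructed weak hash: SHA-256 truncated to 32 bits so that a
    # collision can be found quickly. A real hash is not truncated.
    return hashlib.sha256(data).digest()[:4]

def colliding_drafts(text_a: str, text_b: str):
    """Drafter's view: vary a reference number in two different texts
    until one variant of each shares a toy_hash (birthday search)."""
    seen = {}
    for i in range(1 << 16):
        doc = f"{text_a} ref={i}".encode()
        seen[toy_hash(doc)] = doc
    for j in itertools.count():
        doc = f"{text_b} ref={j}".encode()
        match = seen.get(toy_hash(doc))
        if match is not None:
            return match, doc

def signer_digest(document: bytes, salt: bytes = b"") -> bytes:
    """Signer's view: hash a value only the signer chose, then the
    document. The (salt, digest) pair is what would be signed."""
    return toy_hash(salt + document)

def demo():
    # Constructed sample texts; the drafter prepares both in advance.
    shown, swapped = colliding_drafts(
        "I agree to pay GBP 100.", "I agree to pay GBP 100000.")
    salt = secrets.token_bytes(16)  # fresh per signature, fixed length
    return {
        "documents_differ": shown != swapped,
        # Hash predictable by the drafter: one digest covers both texts.
        "unsalted_collide": signer_digest(shown) == signer_digest(swapped),
        # Hash depends on the signer's salt: the prepared pair no longer matches.
        "salted_collide": signer_digest(shown, salt) == signer_digest(swapped, salt),
    }

if __name__ == "__main__":
    print(demo())
```
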